image-studio
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute local Python scripts (
generate.py) located at hardcoded absolute paths (C:\Users\renat\skills\...) to perform image generation, editing, and upscaling tasks. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user input (image descriptions) and interpolates it directly into shell commands as arguments for the
generate.pyscript. - Ingestion points: User input string for image generation requests (e.g., "crie uma imagem de X").
- Boundary markers: None. User input is placed directly into script arguments without delimiters or guardrails.
- Capability inventory: Execution of local Python scripts via shell commands (
SKILL.md). - Sanitization: No sanitization or escaping of the user-provided prompt string is mentioned before it is passed to the command line.
Audit Metadata